{{- define "cainjector_resources" }}
cpu: 25m
memory: 50Mi
{{- end }}

{{- if .Values.certManager.enableCAInjector }}
{{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: cainjector
  namespace: d8-cert-manager
  {{- include "helm_lib_module_labels" (list . (dict "app" "cainjector" "workload-resource-policy.deckhouse.io" "master"  )) | nindent 2 }}
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: cainjector
  updatePolicy:
    updateMode: "Initial"
  resourcePolicy:
    containerPolicies:
    - containerName: "cainjector"
      minAllowed:
        {{- include "cainjector_resources" . | nindent 8 }}
      maxAllowed:
        cpu: 50m
        memory: 100Mi
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cainjector
  namespace: d8-cert-manager
  {{- include "helm_lib_module_labels" (list . (dict "app" "cainjector")) | nindent 2 }}
spec:
  {{- include "helm_lib_deployment_on_master_strategy_and_replicas_for_ha" . | nindent 2 }}
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: cainjector
  template:
    metadata:
      labels:
        app: cainjector
    spec:
      serviceAccountName: cainjector
      {{- include "helm_lib_priority_class" (tuple . "system-cluster-critical") | nindent 6 }}
      {{- include "helm_lib_pod_anti_affinity_for_ha" (list . (dict "app" "cainjector")) | nindent 6 }}
      {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }}
      {{- include "helm_lib_tolerations" (tuple . "any-node" "with-uninitialized") | nindent 6 }}
      {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }}
      imagePullSecrets:
      - name: deckhouse-registry
      containers:
        - name: cainjector
          {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 10 }}
          image: {{ include "helm_lib_module_image" (list . "certManagerCainjector") }}
          args:
          - --leader-election-namespace=$(POD_NAMESPACE)
          env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          resources:
            requests:
              {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 14 }}
{{- if not (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
              {{- include "cainjector_resources" . | nindent 14 }}
{{- end }}
{{- end }}

